Diffstat (limited to 'modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler')
2 files changed, 67 insertions, 24 deletions
diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java index 5c2c43ea..fa26e48f 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java @@ -26,7 +26,6 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processCountryCode; -import static at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils.processDateOfBirthToString; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; @@ -38,7 +37,6 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; -import org.joda.time.DateTime; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.lang.NonNull; @@ -98,7 +96,7 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { .pseudonym(processPseudonym(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER))) .familyName(processFamilyName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTFAMILYNAME))) .givenName(processGivenName(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_CURRENTGIVENNAME))) - .dateOfBirth(processDateOfBirthToString(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH))) + .dateOfBirth(processDateOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_DATEOFBIRTH))) // additional attributes .placeOfBirth(processPlaceOfBirth(eidasAttrMap.get(EidasConstants.eIDAS_ATTR_PLACEOFBIRTH))) 
@@ -174,9 +172,9 @@ public abstract class AbstractEidProcessor implements INationalEidProcessor { * @throws EidasAttributeException if NO attribute is available * @throws EidPostProcessingException if post-processing fails */ - protected DateTime processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + protected String processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, EidasAttributeException { - return EidasResponseUtils.processDateOfBirth(dateOfBirthObj); + return EidasResponseUtils.processDateOfBirthToString(dateOfBirthObj); } diff --git a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java index 6be0a26b..1656ec40 100644 --- a/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java +++ b/modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/UaEidProcessor.java 
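Review bot: The Javadoc above `processDateOfBirth` should state the string format the method now returns, because the return type changes from `DateTime` to `String` and the `UaEidProcessor` override in this commit parses the result with `yyyy-MM-dd`. Something like `@return date of birth as a yyyy-MM-dd formatted string` would pin that contract, assuming `EidasResponseUtils.processDateOfBirthToString` produces that format (its body is not shown here). Any other subclass that still overrides the method with the old `DateTime` return type will no longer compile, so the remaining country processors are worth checking. The Javadoc block starts outside the hunk.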
@@ -1,12 +1,21 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.handler; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.HashMap; +import java.util.List; import java.util.Map; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import at.asitplus.eidas.specific.core.config.IEidasSpConfiguration; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; @@ -15,8 +24,8 @@ import lombok.Setter; import lombok.extern.slf4j.Slf4j; /** - * Ulraine specific eIDAS AuthnRequest generation. - * + * Ulraine specific eIDAS AuthnRequest generation. + * * @author tlenz * */ 
@@ -24,45 +33,81 @@ import lombok.extern.slf4j.Slf4j; public class UaEidProcessor extends AbstractEidProcessor { private static final String CONFIG_PROP_UA_SPECIFIC_LOA = "auth.eIDAS.node_v2.loa.ua.requested"; - + private static final String CONFIG_PROP_UA_WORKAROUND_DATEOFBIRTH = + "auth.eIDAS.node_v2.workaround.ua.dateofbirth"; + private static final String STATIC_DATE_OF_BIRTH = "2000-05-29"; + private static final String canHandleCC = "UA"; - @Autowired IConfiguration config; - + @Autowired + IConfiguration config; + @Getter @Setter private int priority = 1; - + @Override public String getName() { return "UA-PostProcessor"; - + } @Override public boolean canHandle(String countryCode) { return countryCode != null && countryCode.equalsIgnoreCase(canHandleCC); - + } - + @Override protected Map<String, Boolean> getCountrySpecificRequestedAttributes() { return new HashMap<>(); - + } - - protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { - - // allow override of LoA, because UA maybe only support not-notified LoA levels - String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA); + + @Override + protected void buildLevelOfAssurance(ISpConfiguration spConfig, Builder authnRequestBuilder) { + // allow override of LoA, because UA maybe only support not-notified LoA levels + final String uaSpecificLoA = config.getBasicConfiguration(CONFIG_PROP_UA_SPECIFIC_LOA); if (StringUtils.isNotEmpty(uaSpecificLoA)) { authnRequestBuilder.levelsOfAssuranceValues(Arrays.asList(uaSpecificLoA)); - log.info("Set UA specific LoA level to: {}", uaSpecificLoA); - + + // set non-notified LoA as allowed LoA + final List<String> allowedLoa = new ArrayList<>(); + allowedLoa.addAll(spConfig.getRequiredLoA()); + allowedLoa.add(uaSpecificLoA); + ((IEidasSpConfiguration) spConfig).setRequiredLoA(allowedLoa); + ((IEidasSpConfiguration) spConfig).setLoAMachtingMode(EaafConstants.EIDAS_LOA_MATCHING_EXACT); + log.info("Set UA specific 
LoA level to: {} with matching-mode: {}", + StringUtils.join(allowedLoa, "|"), EaafConstants.EIDAS_LOA_MATCHING_EXACT); + } else { super.buildLevelOfAssurance(spConfig, authnRequestBuilder); - + } } - + + @Override + protected String processDateOfBirth(Object dateOfBirthObj) throws EidPostProcessingException, + EidasAttributeException { + final String dateOfBirth = super.processDateOfBirth(dateOfBirthObj); + + try { + final Date dateElement = new SimpleDateFormat("yyyy-MM-dd").parse(dateOfBirth); + if (basicConfig.getBasicConfigurationBoolean(CONFIG_PROP_UA_WORKAROUND_DATEOFBIRTH, false) + && dateElement.after(new Date())) { + log.warn("DateOfBirth: {} is in the future. Use static DateOfBirth as backup", dateOfBirth); + return STATIC_DATE_OF_BIRTH; + + } else { + return dateOfBirth; + + } + + } catch (final ParseException e) { + log.warn("Can not parse dateOfBirth", e); + return dateOfBirth; + + } + } + } |
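Review bot: In `buildLevelOfAssurance`, the new code casts `spConfig` to `IEidasSpConfiguration` without a type check and then mutates it, adding the non-notified `uaSpecificLoA` to the SP's required LoA list and switching the matching mode to exact. If that configuration object is shared or cached across requests (not visible in this hunk), the lower LoA stays accepted for this SP on later non-UA logins and the list gains a duplicate entry on every call. I would guard with `if (spConfig instanceof IEidasSpConfiguration)` and apply the override to a per-request copy rather than the SP's own configuration. In `processDateOfBirth`, `new SimpleDateFormat("yyyy-MM-dd")` is lenient by default, so call `setLenient(false)` on it, and check the workaround flag before parsing. Returning `STATIC_DATE_OF_BIRTH` also passes a fabricated identity attribute to downstream matching with nothing marking it as synthetic, and the warning writes the received date of birth to the log, so consider logging without the value and recording that the fallback was used.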